By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

The EBA’s New Travel Rule Guidelines: What CASPs Need to Know - July 2024

Catarina Veloso
Catarina Veloso
July 5, 2024
Catarina, Regulatory & Compliance Senior Associate at Notabene, specializes in global crypto regulations. With roles including co-chair of the CryptoUK Travel Rule group and part of the EBA Expert Group, she shapes Travel Rule compliance. Holds Masters in Energy Law and BA in Law.
Summary

The European Banking Authority (EBA) has issued new Travel Rule Guidelines to enhance the traceability of fund and crypto asset transfers, aiming to combat money laundering and terrorist financing. Stemming from Regulation (EU) 2023/1113, which aligns EU regulations with FATF standards, the Guidelines aim for consistent implementation across the EU, taking effect on December 30, 2024. After releasing a consultation paper in November 2023, to which Notabene responded, the EBA released the final Travel Rule Guidelines on July 4, 2024.

Relevance of the Travel Rule Guidelines: Aligning Travel Rule Supervisory Practices across the EU

The Guidelines reflect the EBA’s view on appropriate supervisory practices within the European System of Financial Supervision or how EU law should be applied in this area. Authorities should integrate these Guidelines into their practices, including adjusting their legal frameworks or supervisory processes as needed.

Key Takeaways from the EBA’s Final Travel Rule Guidelines - July 2024

1. Full Compliance from December 30, 2024, is Mandatory

Travel Rule obligations apply to crypto asset service providers (CASPs) starting December 30, 2024. The EBA states: “From December 30 2024, CASPs as defined in MiCAR will be subject to the EU’s AML/CFT regime and, therefore, these Guidelines,” emphasizing that “non-compliance with Regulation (EU) 2023/1113 is not accepted.” [1]

CASPs may use infrastructures or services with technical limitations until July 31, 2025, provided they fully compensate with additional technical steps to comply with these Guidelines. Full compliance is still mandatory. [2]

{{cta-learnmore1="/cta-components"}}

2. Criteria to Evaluate Travel Rule Solutions

 When evaluating Travel Rule solutions, CASPs should ensure:

  • Seamless Integration: Ensure the system can communicate effortlessly with internal core systems and messaging, payment, and settlement systems. Notabene’s open network approach and integrations with top blockchain analytics, custodians, and sanction screening providers guarantee this connectivity. [3]
  • High Reachability Rates: Assessing the system’s success rate is crucial to ensuring transfers reach the intended beneficiary or are correctly received from the originator. [4] Notabene’s robust network ensures high transaction success rates.
  • Complete Information Detection: The chosen Travel Rule solution must detect transfers with missing or incomplete information. [5] Notabene’s SafeTransact excels here, automatically identifying deposits lacking Travel Rule information and promptly requesting the necessary details from the originator VASP.

3. The EBA removed verification requirements for SHW transfers below €1,000 and allows CASPs to use only one ownership verification method in these transfers

SHW transfers below €1,000

Now, only information collection obligations apply, removing the need to “use suitable technical means to cross-match data, including blockchain analytics and third-party data providers, for the purpose of identifying or verifying the identity of the originator or the beneficiary,” which the EBA initially included in the consultation paper. [6]

In response to the public consultation, Notabene argued that this requirement was disproportionate and technically unfeasible to implement. The framework initially proposed was stricter than the one set out in the Transfer of Funds Regulation (TFR), creating disproportionate obligations on small transactions.

Additionally, we argued that verifying identities through blockchain analytics is impractical, as these providers lack the capability to link personal identities with wallet addresses. We are pleased that the EBA adopted our suggestion, and this adjustment will make compliance more feasible for smaller transactions.

1st-party SHW transfers ≥ €1,000

The guidelines initially required CASPs to use two methods for wallet ownership verification. [7] In our consultation response, we successfully argued that requiring two methods for verifying wallet ownership/control may not enhance the verification process and could force the adoption of potentially inefficient practices. In the final version of the guidelines, CASPs are required to use only one method by default.

Notabene’s product suite includes a pop-up user interface designed to identify and verify Travel Rule counterparties at the point of transaction without impeding the transaction flow. SafeConnect obtains proof of SHW ownership through cryptographic signatures, one of the methods explicitly permitted in the guidelines. [8]

3rd-party SHW transfers above €1,000

While the TFR does not specify the requirements for these transactions, the Travel Rule Guidelines clarify that if the SHW is owned or controlled by a third party who is not a customer of the CASP, the requirements outlined in Article 19a(1)/(a) of Directive (EU) 2015/849 apply. [9] The verification of the originator or beneficiary’s identity mandated by this directive is considered fulfilled if the CASP:

  • Collects additional information from other sources to verify the submitted information (e.g., from blockchain analytics, third-party data, or recognized authorities’ data) or
  • Uses other suitable means as long as it is fully satisfied that it knows the originator’s or beneficiary’s identity. 

Stay tuned for updates to our comprehensive EU Transfer of Funds Regulation guides, which will be updated to reflect the final EBA Travel Rule Guidelines. 

References

[1] European Banking Authority. Guidelines on information requirements in relation to transfers of funds and certain crypto-assets transfers under Regulation (EU) 2023/1113 (‘Travel Rule Guidelines’). Para. 10: Compliance and reporting obligations.
[2] Travel Rule Guidelines, para 24
[3] Travel Rule Guidelines, para 26a
[4] Travel Rule Guidelines, para 26b
[5] Travel Rule Guidelines, para 26c
[6] European Banking Authority. (2023). Consultation Paper on the Draft Guidelines on Preventing the Abuse of Funds and Certain Crypto-Assets Transfers for Money Laundering and Terrorist Financing Purposes under Regulation (EU) 2023/1113 (‘The Travel Rule Guidelines’). EBA/CP/2023/35. November 24, 2023, para 67a
[7] Travel Rule Guidelines, para 35
[8] Travel Rule Guidelines, para 83d
[9] This Directive (commonly known as AMLD4) was in part replaced by Regulation 2024/1624 (commonly known as AMLR). Article 19a of the AMLD4 was incorporated into the AMLR through Article 40. 

FAQs